[aprssig] APRS-IS Passcode Has Become An Utter and Total Joke....

Steve Dimse steve at dimse.com
Fri Mar 28 16:46:18 EDT 2014 

The first web page generator appeared less than three days after I published the algorithm on the aprssig. Many have come and gone over the years, often chased away through the harassment of self-appointed police that think they are making themselves useful. The generator program callpass has been in every version of aprsd since before I made the algorithm public (which was why I made it public); it is in xastir. Install either of these programs and type 'callpass k4hg' at the prompt and you get my code, 28817.

This is nothing new, you never needed to write code.

There is only one level of uselessness. Something is either useful or useless! ;-)

But it is also important to remember that this was never intended to be cryptographically secure. I would have used more than 15 bits, even in the 90s! The purpose was to provide cover for the FCC rule that offered IGate operators shelter from responsibility for the contents of the message if it was known to come from a ham. In the absence of that proof the transmitting station assumes all regulatory liability for the contents of the transmitted message. That is why the passcode has been useless ever since aprsd included the source code for the algorithm. 

IGate operators have not had that shelter for many years, and nothing bad has happened. Knock on wood.

Steve K4HG

On Mar 28, 2014, at 4:08 PM, Stephen H. Smith <WA8LMF2 at aol.com> wrote:

> I was Googling for information on the APRS-IS today, and discovered that there are now numerous webpages that have interactive self-serve passcode generators for APRS-IS "validated" log-ins on them.   Many will accept absolutely any random alphanumeric string such as tactical calls, CB handles, cipher groups or anything else.
> 
> Here are some of the ones I found:
> 
>     <http://callpass.kf5jwc.us/>
>     This one DOES verify that the string entered is a real callsign.
> 
>     <http://apps.magicbug.co.uk/passcode/index.php/passcode>
>     This one will accept anything as input
> 
> If you don't want to go online to generate your passcode, this downloadable Windows program will do the job locally:
> 
> <http://blog.eagleflint.com/software-downloads/aprs-is-passcode-generator/>
> 
> K4HG has been warning for ages that the APRS passcode scheme is totally non-secure, but it has now reached a new level of uselessness with these ready-to-run interactive pages and apps.
> 
> I.e. you no longer need to know how to translate the documented algorithm into actual program code in some language.
> 
> 
> _____________________________________________________
> 
> 
> --
> 
> Stephen H. Smith    wa8lmf (at) aol.com
> Skype:        WA8LMF
> EchoLink:  Node #  14400  [Think bottom of the 2-meter band]
> Home Page:          http://wa8lmf.net
> 
> 
> Long-Range APRS on 30 Meters HF
>    http://wa8lmf.net/aprs/HF_APRS_Notes.htm
> 
> High Performance Sound Systems for Soundcard Apps
>   http://wa8lmf.net/ham/imic.htm
>   http://wa8lmf.net/ham/uca202.htm
> 
> "APRS 101"  Explanation of APRS Path Selection & Digipeating
>  http://wa8lmf.net/DigiPaths
> 
> 
> 
> 
> _______________________________________________
> aprssig mailing list
> aprssig at tapr.org
> http://www.tapr.org/mailman/listinfo/aprssig

More information about the aprssig mailing list